From 9a1a409d63e30dcb939b672d352fc4aa7ba690fe Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Tue, 28 Apr 2015 16:24:02 +0200
Subject: provide dedicated ccache file for httpd

httpd service stores Kerberos credentials in kernel keyring which gets
destroyed and recreated during service install/upgrade, causing problems when
the process is run under SELinux context other than 'unconfined_t'. This patch
enables HTTPInstance to set up a dedicated CCache file for Apache to store
credentials.

https://fedorahosted.org/freeipa/ticket/4973

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 init/systemd/httpd.service | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 init/systemd/httpd.service

(limited to 'init')

diff --git a/init/systemd/httpd.service b/init/systemd/httpd.service
new file mode 100644
index 000000000..ef1e6bfda
--- /dev/null
+++ b/init/systemd/httpd.service
@@ -0,0 +1,4 @@
+.include /usr/lib/systemd/system/httpd.service
+
+[Service]
+Environment=KRB5CCNAME=/var/run/httpd/krbcache/krb5ccache
-- 
cgit